I have an intranet application, and now I want to let external users have access to it. Their task is to insert data into my application, not fetch any data. My server is hidden behind a firewall, and it's not yet accessible from the internet. The administration is concerned with security issues, so I have to create a secure environment.

Now, I have two possible solutions:
1. I can use digital certificates to authenticate the external users. It might seem like a huge job to provide everyone with a digital certificate, but that's ok. Also, I can set the firewall to only accept connections from a range of IP-addresses, as the external users have static IP's and won't be using the service from any other place than that.

2. I can put a server on the outside of the firewall (demilitarized zone), and create an application that will recieve a post from the external users and transport data thorugh the firewall and into my intranet application. Unauthorized users who post me data they're not supposed to won't be a problem, since I'm able to remove data that's not supposed to be inserted into the intranet application.

It seems both solutions will do, but I think no 1 is the better because digital certificates should be safe, and will remove the overhead of the extra server. And digital sertificates is kinda hot these days, so it's gonna make me look good

Anyway, has anyone got oppinions?